Reaper IoT botnet 'only partially mobilised'

Report finds up to two million infected devices have yet to be activated

Despite the Reaper botnet receiving widespread coverage over the past few weeks, it seems it's not as powerful as security researchers first thought, as many of its bots are not actually operating to disable networks.

Although there are between 10,000 and 20,000 bots launching attacks, another two million hosts that have the potential to become part of it have for some reason not been launched, according to a report by Arbor Networks.

"Possible explanations include: misidentification due to flaws in the scanning code, scalability/performance issues in the Reaper code injection infrastructure, or a deliberate decision by the Reaper botmasters to throttle back the propagation mechanism," the company said in its analysis of the threat.

It's likely that Reaper may have been created to form part of a booter/stresser service for the Chinese DDoS-for-hire market, according to the report, as deeper research into the botnet's behaviour revealed that some of its code appears to be based upon the more powerful Mirai IoT malware.

"While Reaper is capable of launching SYN-floods, ACK-floods, HTTP floods, and DNS reflection/amplification attacks, it is likely to have other, yet-to-be-determined DDoS attack capabilities, as well," Arbor's Security Engineering & Response Team (ASERT) said in a blog post.

The Reaper botnet was first discovered by Qihoo 360 Netlab last month and since its discovery, it's been adapted to pose a threat to a range of connected devices including IP-based cameras, routers, storage boxes and Wi-Fi points from vendors including D-Link, TP-Link, Avtech, Netgear, MikroTik, Linksys, and Synology.

Netgear released a statement saying it's continuously adapting its firmware and security patches to make sure products are as protected as well as they can be.

"Netgear appreciates having security concerns brought to our attention and are constantly monitoring our products to get in front of the latest threats," it said. "Being proactive rather than reactive to emerging security issues is a fundamental belief at Netgear."

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Recommended

Data breach exposes widespread fake reviews on Amazon
data breaches

Data breach exposes widespread fake reviews on Amazon

7 May 2021
TsuNAME vulnerability could enable DDoS attacks on major DNS servers
distributed denial of service (DDOS)

TsuNAME vulnerability could enable DDoS attacks on major DNS servers

7 May 2021
What are SSH keys?
cyber security

What are SSH keys?

7 May 2021
Google’s about to push everyone into two-factor authentication
Security

Google’s about to push everyone into two-factor authentication

6 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
Dell patches vulnerability affecting hundreds of computer models worldwide
cyber security

Dell patches vulnerability affecting hundreds of computer models worldwide

5 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021